PDA

View Full Version : Re: Preventing Spyware installation on a network.

Robert Moir
ntelscho wrote:
> I'm looking for information on setting that can be made to prevent
> users from having spyware installed on their machines using 2000. The
> main problem is that all the users need to have administrative access
> for some of their applications to work. Are there some settings that
> I can change in IE or elsewhere that would at least help prevent this
> for most users?

You can customise the security settings for the various zones to prevent
accidental and/or "Click 'n' drool" installs from websites.

> Any suggestions on how I can lock down a system
> without revoking admin priveledges?

I'd consider these two things as mutually exclusive goals. Where do you want
to draw your compromise?

--
--
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html

Kazaa - Software update services for your Viruses and Spyware.


=?Utf-8?B?bnRlbHNjaG8=?=
Essentially the problem is that many of the users are using an application
that if admin priviledges are taken away does not allow them to print. I'm
looking for a way around this yet I still want to be able to protect them
from spyware.

"Robert Moir" wrote:

> ntelscho wrote:
> > I'm looking for information on setting that can be made to prevent
> > users from having spyware installed on their machines using 2000. The
> > main problem is that all the users need to have administrative access
> > for some of their applications to work. Are there some settings that
> > I can change in IE or elsewhere that would at least help prevent this
> > for most users?
>
> You can customise the security settings for the various zones to prevent
> accidental and/or "Click 'n' drool" installs from websites.
>
> > Any suggestions on how I can lock down a system
> > without revoking admin priveledges?
>
> I'd consider these two things as mutually exclusive goals. Where do you want
> to draw your compromise?
>
> --
> --
> Rob Moir, Microsoft MVP for servers & security
> Website - http://www.robertmoir.co.uk
> Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
>
> Kazaa - Software update services for your Viruses and Spyware.
>
>
>
Jeff Cochran
On Tue, 14 Sep 2004 14:00:40 -0700, "ntelscho"
wrote:

>Essentially the problem is that many of the users are using an application
>that if admin priviledges are taken away does not allow them to print. I'm
>looking for a way around this yet I still want to be able to protect them
>from spyware.

Using IE zones works as far as protecting them in IE, but spyware
installed from other locations, via email for example, isn't stopped.

Jeff

>> ntelscho wrote:
>> > I'm looking for information on setting that can be made to prevent
>> > users from having spyware installed on their machines using 2000. The
>> > main problem is that all the users need to have administrative access
>> > for some of their applications to work. Are there some settings that
>> > I can change in IE or elsewhere that would at least help prevent this
>> > for most users?
>>
>> You can customise the security settings for the various zones to prevent
>> accidental and/or "Click 'n' drool" installs from websites.
>>
>> > Any suggestions on how I can lock down a system
>> > without revoking admin priveledges?
>>
>> I'd consider these two things as mutually exclusive goals. Where do you want
>> to draw your compromise?
>>
>> --
>> --
>> Rob Moir, Microsoft MVP for servers & security
>> Website - http://www.robertmoir.co.uk
>> Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
>>
>> Kazaa - Software update services for your Viruses and Spyware.
>>
>>
>>